tag:blogger.com,1999:blog-8108277809937554792.post1834159605721978173..comments2023-06-30T10:17:31.454-05:00Comments on SteveCo: SELinuxSteven Pritchardhttp://www.blogger.com/profile/00716303018104544735noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-8108277809937554792.post-29828331302475779362008-08-23T18:29:00.000-05:002008-08-23T18:29:00.000-05:00Actually, when using SELinux you *cannot* use *-ch...Actually, when using SELinux you *cannot* use *-chroot.Matěj Ceplhttps://www.blogger.com/profile/13388318701398808404noreply@blogger.comtag:blogger.com,1999:blog-8108277809937554792.post-16732463179259803082008-08-22T11:51:00.000-05:002008-08-22T11:51:00.000-05:00Hi Steve,I read this off of my Fedora planet feed,...Hi Steve,<BR/><BR/>I read this off of my Fedora planet feed, and I pretty much wanted to say that as a user-only member of the Fedora community (if you even want to call that being a member ...) I agree completely. I really *want* to use SELinux, but it seems like at this point it just requires too much work and knowledge for someone that isn't running some mission critical server.<BR/><BR/>I know that F9 made the first step in getting us lay-folk to use SELinux by enabling it by default, but too many things weren't working correctly so it just seemed easier to switch back to permissive mode and check my logs regularly. I don't *like* that solution, and I know anyone with true Linux street cred would freak over it, but honestly when I try to convince friends and family that they, too, with far less computer experience than me, could make the switch to Fedora (esp. over Ubuntu) if they wanted to, I'm really kind of jumping the gun because features like SELinux aren't really ready yet for the layest of lay-folk.<BR/><BR/>Obviously, being lazy, and having a limited skill set, I'd love to see a solution my where the packages I download just handle all my SELinux configuration and policy for me and I can expect full functionality *and* better security just by going with Fedora packages, but I can see where this demands too much of the maintainers.<BR/><BR/>--JohnJohn Andrew Hanauerhttps://www.blogger.com/profile/05660489830389214179noreply@blogger.comtag:blogger.com,1999:blog-8108277809937554792.post-5662728184140063302008-08-22T11:29:00.000-05:002008-08-22T11:29:00.000-05:00Chroot is not a security tool.When you're using SE...Chroot is not a security tool.<BR/><BR/>When you're using SELinux you definitely don't need to chroot.Colin Waltershttps://www.blogger.com/profile/07005185411005194524noreply@blogger.com